Sysfilter with /etc/localdomains
if
"${if match_domain{${domain:$h_from:}}{+local_domains} {yes} {no}}" contains "yes"
then
freeze
endif
The intention is to use this to suspend outbound message delivery while testing our relay server. However, once the filter is applied and engaged, EXIM is yielding a permissions error on `/etc/localdomains`. I can override the error by doing a `chmod` operation on the file but this is, of course, undone once the EXIM configuration is rebuilt in cPanel. For context, I've also tried writing the filter by accessing the file directly:
if
"${lookup {${domain:$h_from:}} lsearch {/etc/localdomains} {yes} {no}}" contains "yes"
then
freeze
endif
The same permissions error still occurs. My understanding was that EXIM operated from the `root` user, so I'm not really sure why this error is showing up given that the localdomains file is owned by root. Is there a better or alternate way to test for a local domain? Any insight on this matter is greatly appreciated! Cheers, Stephan
-
Hey there! That's definitely the best file to check the mail delivery. On my personal server I see the following permissions and ownership: -rw-r----- 1 root mail 350 Dec 16 12:15 /etc/localdomains
Is your file getting reset to something different?0 -
Hey there! That's definitely the best file to check the mail delivery. On my personal server I see the following permissions and ownership:
-rw-r----- 1 root mail 350 Dec 16 12:15 /etc/localdomains
Is your file getting reset to something different?
So sorry that I didn't see this response sooner. It doesn't look like I got a notification when it posted. :( I've just reloaded the EXIM configuration in WHM and checked the permissions. My output matches yours exactly, but I still get a permissions error on my custom filter. Very strange. Any ideas?0 -
All the standard files in /usr/local/cpanel/etc/exim/sysfilter/options are owned by root as well, but none of them include other files either as the defaults are all performing filtering within the files themselves. Did you just create a file inside /usr/local/cpanel/etc/exim/sysfilter/options? I'd like to reproduce this on a test machine so knowing the steps you took would be helpful. 0 -
Hi!
Were there any progress/findings on this one? I've the same scenario and issue
(I need to create a filter that only runs on incoming mails (header_from not in localdomains))
0 -
Following error:
failed to open /etc/localdomains for linear search: Permission denied (euid=203 egid=203)
user 203 is cpaneleximfilter. So it makes sense that it cannot open the localdomains file as it's only readable by root and mail.
Are there a workaround? Can I make localdomains world readable or will the permissions get resetted by next change?
0 -
cPAdminsMichael - I don't have any additional details on my end about this one. I did confirm that permissions on /etc/localdomains get reset at each nightly update, so adjusting that isn't an option.
Can you get me specific steps on how I can replicate this behavior on my end so I can do some more testing?
0 -
Actually you can just use the initial example.
- Create a file /usr/local/cpanel/etc/exim/sysfilter/options/cprex_localdomain_test
- Add following content to file:
if "${if match_domain{${domain:$h_from:}}{+local_domains} {yes} {no}}" contains "yes" then freeze endif - Enable it and save in Exim Configurator
- Test sending a mail
0 -
But as mentioned, the issue is kind of obvious as the filters are run by user cpaneleximfilter according to /etc/exim.conf. So it makes sense that it cannot open the /etc/localdomains file as it's only readable by root and mail.
0 -
Thanks for that information. I also found this example string in the Exim documentation at https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html so it would seem that Exim expects this to work as-is.
I created case CPANEL-43841 with our team so they can look into this issue, and I'll be sure to post updates here as I get them.
0 -
Any updates on this one?
0 -
I don't see any updates on the case just yet, but I did reach out to the developers to let them know this was still an issue just now.
0
Please sign in to leave a comment.
Comments
11 comments